Note
Fabric Extend over IPsec limitations:
The global SPBM parameters must be configured before you can configure the Fabric Extend over IPsec tunnel.
Note
The ipsec command is only available after the auth-key command is configured.
Switch> enable
Switch# configure terminal
Switch(config)# spbm
Switch(config)# router isis
Switch(config-isis)# spbm 1
Switch(config-isis)# spbm 1 nick-name 1.11.40
Switch(config-isis)# spbm 1 b-vid 2,3 primary 2
Switch(config-isis)# is-type l1
Switch(config-isis)# manual-area c0.2000.0000.00
Switch(config-isis)# sys-name SwitchB
Switch(config-isis)# exit
Switch(config)# vlan create 2 type spbm-bvlan
Switch(config)# vlan create 3 type spbm-bvlan
Switch(config)# router isis enable
Configuring Fabric Extend over IPsec consists of two primary tasks: configuring the tunnel source address and configuring the logical interface. These tasks must be completed on both ends of the tunnel.
Switch> enable
Switch# configure terminal
Switch(config)# interface GigabitEthernet 1/1
Switch(config-if)# brouter port 1/1 vlan 2500 subnet 192.0.2.0/255.255.255.0 mac-offset 0
Switch(config-if)# exit
Switch(config)# router isis
Switch(config-isis)# ip-tunnel-source-address 192.0.2.0
Switch(config-isis)# exit
Switch(config)# logical-intf isis 1 dest-ip 198.51.100.0
Switch(config-isis-1-198.51.100.0)# isis
Switch(config-isis-1-198.51.100.0)# isis spbm 1
Switch(config-isis-1-198.51.100.0)# isis enable
Switch(config-isis-1-198.51.100.0)# auth-key 12345678
Switch(config-isis-1-198.51.100.0)# ipsec encryption-key-length 256
Switch(config-isis-1-198.51.100.0)# ipsec
Switch(config-isis-1-198.51.100.0)# exit
Note
Product Notice: 256-bit IPsec Encryption for Fabric Extend Tunnels is only supported on XA1400 Series devices.
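The following Python check is an added example, not part of the original documentation: it parses the logical-interface commands pasted from both ends of a tunnel and reports ordering problems, a reused sample auth-key, and mismatches between the ends. It assumes both ends must use the same auth-key and encryption-key-length and mirrored source/destination addresses; side B and the key ExampleKey-B are constructed sample input.

```python
import re

def parse(session):
    """Pull tunnel settings out of a pasted CLI session (prompts optional)."""
    c = dict(src=None, dst=None, key=None, len=None, ipsec=False, order_ok=True)
    for raw in session.splitlines():
        w = re.sub(r"^\S+[>#]\s*", "", raw.strip()).split()
        if len(w) > 1 and w[0] == "ip-tunnel-source-address":
            c["src"] = w[1]
        elif w[:2] == ["logical-intf", "isis"] and "dest-ip" in w[:-1]:
            c["dst"] = w[w.index("dest-ip") + 1]
        elif len(w) > 1 and w[0] == "auth-key":
            c["key"] = w[1]
        elif w[:1] == ["ipsec"]:
            # Per the note on this page, ipsec needs auth-key configured first.
            c["order_ok"] = c["order_ok"] and c["key"] is not None
            if len(w) == 3 and w[1] == "encryption-key-length":
                c["len"] = int(w[2])
            elif len(w) == 1:
                c["ipsec"] = True
    return c

def check_pair(a, b, sample_keys=("12345678",)):
    """Compare both ends (assumes key, key length match and addresses mirror)."""
    out = []
    for name, c in (("A", a), ("B", b)):
        if not c["ipsec"]:
            out.append(f"{name}: ipsec not enabled")
        if not c["order_ok"]:
            out.append(f"{name}: ipsec entered before auth-key")
        if c["key"] in sample_keys:
            out.append(f"{name}: auth-key is the documentation sample value")
    if (a["src"], a["dst"]) != (b["dst"], b["src"]):
        out.append("tunnel source/destination not mirrored")
    if a["key"] != b["key"]:
        out.append("auth-key differs between ends")
    if a["len"] != b["len"]:
        out.append("encryption-key-length differs between ends")
    return out

def session(src, dst, tail):
    # Constructed sample input, modelled on the commands shown on this page.
    return (f"Switch(config-isis)# ip-tunnel-source-address {src}\n"
            f"Switch(config)# logical-intf isis 1 dest-ip {dst}\n"
            + "".join(f"Switch(config-isis-1-{dst})# {t}\n" for t in tail))

X, Y = "192.0.2.0", "198.51.100.0"
SIDE_A = session(X, Y, ["auth-key 12345678", "ipsec encryption-key-length 256", "ipsec"])
SIDE_B = session(Y, X, ["ipsec", "auth-key ExampleKey-B"])  # constructed faulty peer
print("\n".join(check_pair(parse(SIDE_A), parse(SIDE_B))))
```

Side A reproduces the commands from the session above, so the check flags its auth-key as the documentation sample value rather than a real secret.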